Computer vulnerabilities of Cisco Security Management Appliance

Cisco ESA, SMA: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco ESA/SMA, in order to run JavaScript code in the context of the web site.

Impacted products: AsyncOS, Cisco Content SMA, Cisco ESA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-esa1, CSCvb37346, CVE-2016-9202, VIGILANCE-VUL-21313.

Description of the vulnerability

OpenSSL version 1.1.0a fixed the CVE-2016-6307 vulnerability.

However, when a TLS message of 16kb is received, a memory area is freed before being reused.

An attacker can therefore force the usage of a freed memory area via TLS on an application linked to OpenSSL 1.1.0a, in order to trigger a denial of service, and possibly to run code.

Description of the vulnerability

The OpenSSL library works on large numbers to perform operations such as RSA.

The BN_bn2dec() function converts a large number to its decimal representation. However, a special number forces BN_div_word() to return a limit value, then data are written after the end of the memory area.

An attacker can therefore generate a memory corruption via BN_bn2dec() of OpenSSL, in order to trigger a denial of service, and possibly to run code.

Description of the vulnerability

In order to manage replays, OpenSSL uses a sliding window containing accepted sequence numbers. However, if an attacker sends a packet with a large sequence number, the window is moved, and legitimate packets thus have numbers before the beginning of the window, and are rejected.

An attacker can therefore send a DTLS packet with a large sequence number to an application compiled with OpenSSL, in order to trigger a denial of service.

Description of the vulnerability

DTLS packets can be in the wrong order. OpenSSL has to keep them in memory, in order to reassemble them. However, in two cases, message queues are not cleared.

An attacker can therefore send DTLS packets in the wrong order with missing packets to an application compiled with OpenSSL, in order to trigger a denial of service.
